kubernetes-sigs / external-dns

Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
Apache License 2.0
7.75k stars 2.58k forks

Automatic generation of HTTPS/SVCB (type 64/65) records #4878

Open PseudoResonance opened 1 week ago

PseudoResonance commented 1 week ago

What would you like to be added:

Automatic generation of HTTPS/SVCB (type 64/65) DNS records based on service IPs.

Why is this needed:

Around August, Cloudflare began rolling out ECH support with HTTPS records, and Firefox has also forcefully enabled support. While support for connecting is still missing in Golang as of November, it would be good to begin supporting it, as it has the potential to improve security for users.

Additionally, I use ExternalDNS to override global DNS for internal lookups; however, now that Cloudflare has rolled out HTTPS records and ECH, my sites will get the external IPs from Cloudflare's HTTPS, and the internal IPs from ExternalDNS' A/AAAA records. Depending on the implementation, sites that can be found through HTTPS/SVCB may completely ignore corresponding A/AAAA records and use only the ipv4/ipv6 hints, or may take a very long time to load, and I had to manually override the HTTPS records to prevent interruption.

If ExternalDNS could automatically add these records as well, it would simplify the process.
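A check for the mismatch described in the comment above, as an added example that is not part of the issue thread or of the external-dns code base: it parses HTTPS/SVCB RDATA in RFC 9460 wire format and reports hint addresses that the A/AAAA answers for the same name do not contain. `HintDrift`, `sampleRdata` and `sampleAnswers` are hypothetical names, and the record bytes and addresses are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
	"slices"
)

// Constructed: RDATA for `1 . alpn=h2 ipv4hint=203.0.113.10 ipv6hint=2001:db8::10`, and A/AAAA answers.
var sampleRdata = []byte{0, 1, 0, 0, 1, 0, 3, 2, 'h', '2', 0, 4, 0, 4, 203, 0, 113, 10,
	0, 6, 0, 16, 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10}
var sampleAnswers = []netip.Addr{netip.MustParseAddr("10.0.0.5"), netip.MustParseAddr("2001:db8::10")}

// HintDrift parses HTTPS/SVCB RDATA (RFC 9460 wire format) and returns the
// ipv4hint (key 4) / ipv6hint (key 6) addresses that are absent from answers.
func HintDrift(rd []byte, answers []netip.Addr) ([]netip.Addr, error) {
	p := 2 // skip SvcPriority, then walk the uncompressed TargetName labels
	for p < len(rd) && rd[p] != 0 {
		p += 1 + int(rd[p])
	}
	if p >= len(rd) {
		return nil, fmt.Errorf("truncated TargetName")
	}
	p++ // step over the root label that ends TargetName
	var drift []netip.Addr
	for p < len(rd) {
		if p+4 > len(rd) {
			return nil, fmt.Errorf("truncated SvcParam header at offset %d", p)
		}
		key, n := binary.BigEndian.Uint16(rd[p:]), int(binary.BigEndian.Uint16(rd[p+2:]))
		p += 4
		size := map[uint16]int{4: 4, 6: 16}[key] // address width; 0 for other keys
		if p+n > len(rd) || (size > 0 && (n == 0 || n%size != 0)) {
			return nil, fmt.Errorf("bad length %d for SvcParam key %d", n, key)
		}
		for i := 0; size > 0 && i < n; i += size {
			if a, _ := netip.AddrFromSlice(rd[p+i : p+i+size]); !slices.Contains(answers, a) {
				drift = append(drift, a)
			}
		}
		p += n
	}
	return drift, nil
}

func main() {
	fmt.Println(HintDrift(sampleRdata, sampleAnswers))
}
```

A non-empty result means the HTTPS record still advertises addresses that the A/AAAA records for that name no longer serve.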

nitrocode commented 5 days ago

This would be nice to have in AWS as well since they recently added support for SVCB/HTTPS records.